Support Center > Search Results > SecureKnowledge Details
'sshd-x[PID]: reverse mapping checking getaddrinfo for HOST.DOMAIN failed - POSSIBLE BREAKIN ATTEMPT!' errors in /var/log/messages file
Symptoms
  • /var/log/messages file shows the following error:

    sshd-x[PID]: reverse mapping checking getaddrinfo for HOSTNAME.DOMAIN failed - POSSIBLE BREAKIN ATTEMPT!

    Example:
    Nov 19 00:15:25 FireWall_001 [LOG_INFO] sshd-x[25130]: reverse mapping checking getaddrinfo for unknown.example.org failed - POSSIBLE BREAKIN ATTEMPT!
Cause

The Forward DNS record and Reverse DNS (PTR) record are not consistent with each other.

The system is trying to do a Reverse DNS lookup to match the connecting IP address with the hostname that is trying to connect and fails to do so.


Solution

In the above example:

  • The host 192.168.81.8 is connecting to FireWall_001 over SSH.
  • Lookup for the hostname associated to that IP address resolves to unknown.example.org.
  • Resolving the IP address associated with unknown.example.org fails because either the IP address is not 192.168.81.8, or unknown.example.org cannot be resolved.

 

Possible troubleshooting steps (the order of the steps does not matter):

  • Verify that DNS server are configured correctly in the /etc/resolv.conf file.

  • Add the manual entry for relevant connecting machines into /etc/hosts file.

  • Disable lookup of the hostnames for connecting machines by setting "UseDNS no" directive in the /etc/ssh/sshd_config file.

  • Do not use simple passwords for SSH. The best idea to to disable passwords altogether and use SSH keys only.

  • Disable root login by setting "PermitRootLogin no" directive in the /etc/ssh/sshd_config file.

  • Change the port SSHD daemon is running on by setting the desired port in "Port" directive or in "ListenAddress IPv4_Address:Port" directive in the /etc/ssh/sshd_config file.

  • Change the shell for nobody user to /bin/false or /bin/nologin.

 

Imported from Nokia support database

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment